7 VulnDB-API
Requirements
Linux Control Center = 2.10.X or higher
Overview
The Linux Control Center (LCC) has the 7vulndb-api, a constantly updated database with information about vulnerable packages from the main Linux distributions. The identification process uses the database to check for packages with vulnerabilities. Then, a scan is performed on all hosts managed by the LCC to compare and identify the presence of any package listed in the database.
Objective
The objective of this manual is to demonstrate the step-by-step process for using the LCC's 7Vulndb vulnerability API.
Identifying Vulnerable Packages with the 7 Vulndb API
When performing this action on a Host, all packages with identified vulnerabilities will be marked. If the same package with vulnerability is installed on another Host, it will also be flagged in the Console.
Access the LCC and click on 7 Vulndb API

Click on Check Vulnerability

The Status column will have the phrase Waiting API process: indicating that the API is performing the scan.

The Status column will have API awnser received:, indicating that the scan has finished, along with the number of packages scanned.

These are the descriptions of the information fields on the 7 Vulndb API screen
Packages request: Total number of packages sent for analysis.
Packages vulnerable: Number of packages that have some vulnerability, whether exploitable or not.
Request Uuid: Request identifier.
Created at: Time the analysis request was sent.
Updated at: Time the analysis request was completed.
Package Analysis Vulnerabilities
After the scan is complete, you can get more details about the vulnerabilities found in the packages.
Click on Hosts in the left side menu.

Click on a desired Host and click on CVEs.

All CVEs identified in all packages will be displayed.

To find the CVE of a specific package, change the selector from Host to Package

Click on Filter Packages

Note that it is possible to use the Package Vulnerable By Tenable filter in conjunction with the Package Vulnerable By 7Vulndb filter
Select the desired filters and click on Confirm Filter.

This way, only the vulnerabilities related to the selected packages will be listed.

Updating Vulnerable Packages
In the left side menu of the LCC, click on Hosts.

Select 1 or more Hosts and click on the Actions button at the top of the page and execute the Package Vulnerable Update action.

Confirm the action by clicking Yes

Open the host that sent the action and click on Actions History

Wait for the actions Package Vulnerable update, Package Check Update and Photography to have the status Processed

With this action, some vulnerabilities that can be mitigated only by updating packages will no longer be a risk to your environment!
Based on this information, it is possible to develop some security measures such as:
Update package
Proactive monitoring
Freeze package version until the version situation is investigated.
Vulnerability management
Backup and recovery
Although not limited to these options, these measures aim to mitigate possible vulnerabilities and promote a safer environment.
Last updated